Keeping your data secure
Vault Platform maintains an internal security threat model and commissions external penetration testing on a regular basis to ensure the security of Vault Platform applications.
Certifications and attestations
Vault Platform is ISO 27001 certified, complying with a set of industry procedures and policies relating to information security management. Vault has been audited against the SOC2 framework, a voluntary compliance standard for service organizations based on the following criteria: security, availability, and confidentiality. External certifications can be accessed from our Trust Centre.
We operate a security program that includes regular security audits, vulnerability scans, external penetration testing, automated monitoring, and security training for our staff.
We continually monitor developing standards and legislation to ensure that Vault Platform adheres to the security requirements of leading industry bodies.
Secure and trusted hosting infrastructure
Our servers are located within the European Union and the United Kingdom, in AWS (Amazon Web Services) data centers that are ISO 27001, SOC 1, and SOC 2 certified.
Customer data is stored in multiple locations in our hosting provider’s data centers to ensure availability. We operate a business continuity program that includes backup and restoration procedures that are regularly reviewed and tested.
AWS data centers have round-the-clock security and strict controls for physical access. Learn more about AWS physical security.
The Vault Platform operations team is on-call 24/7 to support the service.
Data encryption in transit and at rest
Vault utilizes some of the most advanced technology for Internet security available today. When you access the application using a browser or through our mobile app, Transport Layer Security (TLS) technology protects your information using server authentication and encryption, ensuring that your data is safe and secure.
At rest, all data is encrypted using the 256-bit advanced encryption standard (AES-256).
We regularly monitor changes to the cryptographic landscape and implement best practices as they evolve.
Application security
We provide regular training for our engineers in secure coding, that covers key OWASP security risks, common attacks and security controls best practices.
As part of the software development process at Vault, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested using a quality assurance process to help ensure an expected, consistent, experience across supported devices and platforms.
Organizational security and practices
All Vault employees are vetted before joining and are required to complete annual security awareness training. Training topics include information security, data privacy, and risk mitigation.
All Vault employee work devices are configured with full-disk encryption and strong password protection. Employees are prohibited from using unauthorized software or portable media.
Administrative access to systems within the production environment is limited to staff with a specific need to support our services. Access to our servers is monitored and audited, we regularly review system and access logs.
Responsible disclosure: If you believe you have found a security vulnerability, please let us know at security@vaultplatform.com
All reported vulnerabilities are treated in accordance with Vault’s Responsible Vulnerability Disclosure Policy.
Vault’s Active Integrity solution
Vault Platform’s Active Integrity solution activates everyone in your business ecosystem – including employees, shareholders, and suppliers – to uncover and prevent misconduct through a multichannel approach.